An event occurs and generates an audit log, which is
forwarded to the specified syslog server each time you navigate
through the web interface or when you execute an
operational command in
the CLI. Each navigation or command executed generates an audit
log. Take for example if you want to create a new address object.
You generate one audit log when you click
Objects
,
and a second audit log when you then click
Addresses
.
Audit logs can only be forwarded to a syslog server, cannot be forwarded
to Cortex Data Lake (CDL), and are not stored locally on the firewall, Panorama,
or Log Collector.